Description

A weakness has been identified in JeecgBoot up to 3.9.0. The impacted element is the function SysUserOnlineController of the file jeecg-boot/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/SysUserOnlineController.java. Executing manipulation can lead to manage user sessions. The attack can be launched remotely. The exploit has been made available to the public and could be exploited. This patch is called b686f9fbd1917edffe5922c6362c817a9361cfbd. Applying a patch is advised to resolve this issue.

Related CPE's

Could not find any relations

References

https://github.com/jeecgboot/JeecgBoot/commit/b686f9fbd1917edffe5922c6362c817a9361cfbd

https://github.com/jeecgboot/JeecgBoot/issues/9195

https://github.com/jeecgboot/JeecgBoot/issues/9195#issue-3719368751

https://vuldb.com/?ctiid.337433

https://vuldb.com/?id.337433

https://vuldb.com/?submit.715743

Weaknesses

[email protected]

Primary
CWE-1018

CVSS impact metrics

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

4.3 · Medium

  • CVSS V3.1

  • CVSS V3.0

  • CVSS V2.0

Information

Source identifier

[email protected]

Vulnerability status

Received

Published

2025-12-19T02:16:04.703

13 hours ago

Last modified

2025-12-19T02:16:04.703

13 hours ago